-rw-r--r--Documentation/networking/ip-sysctl.txt10
-rw-r--r--include/net/sctp/constants.h7
-rw-r--r--include/net/sctp/structs.h10
-rw-r--r--net/sctp/bind_addr.c21
-rw-r--r--net/sctp/protocol.c11
-rw-r--r--net/sctp/sysctl.c12
6 files changed, 65 insertions, 6 deletions
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index 4e9c6d7b4efc..fbe427a6580c 100644
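--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -1297,6 +1297,16 @@ sctp_rmem - vector of 3 INTEGERs: min, default, max
 sctp_wmem - vector of 3 INTEGERs: min, default, max
  See tcp_wmem for a description.
 
+addr_scope_policy - INTEGER
+ Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00
+
+ 0 - Disable IPv4 address scoping
+ 1 - Enable IPv4 address scoping
+ 2 - Follow draft but allow IPv4 private addresses
+ 3 - Follow draft but allow IPv4 link local addresses
+
+ Default: 1
+
 
 /proc/sys/net/core/*
 dev_weight - INTEGER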
diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h
index af8c1508109e..58f714a3b670 100644
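--- a/include/net/sctp/constants.h
+++ b/include/net/sctp/constants.h
@@ -363,6 +363,13 @@ typedef enum {
  SCTP_SCOPE_UNUSABLE, /* IPv4 unusable addresses */
 } sctp_scope_t;
 
+typedef enum {
+ SCTP_SCOPE_POLICY_DISABLE, /* Disable IPv4 address scoping */
+ SCTP_SCOPE_POLICY_ENABLE, /* Enable IPv4 address scoping */
+ SCTP_SCOPE_POLICY_PRIVATE, /* Follow draft but allow IPv4 private addresses */
+ SCTP_SCOPE_POLICY_LINK, /* Follow draft but allow IPv4 link local addresses */
+} sctp_scope_policy_t;
+
 /* Based on IPv4 scoping <draft-stewart-tsvwg-sctp-ipv4-00.txt>,
  * SCTP IPv4 unusable addresses: 0.0.0.0/8, 224.0.0.0/4, 198.18.0.0/24,
  * 192.88.99.0/24.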
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index 993cfff9218e..a48d80e77cd7 100644
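--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -219,6 +219,15 @@ extern struct sctp_globals {
  /* Flag to idicate if SCTP-AUTH is enabled */
  int auth_enable;
 
+ /*
+ * Policy to control SCTP IPv4 address scoping
+ * 0 - Disable IPv4 address scoping
+ * 1 - Enable IPv4 address scoping
+ * 2 - Selectively allow only IPv4 private addresses
+ * 3 - Selectively allow only IPv4 link local address
+ */
+ int ipv4_scope_policy;
+
  /* Flag to indicate whether computing and verifying checksum
  * is disabled. */
  int checksum_disable;
@@ -252,6 +261,7 @@ extern struct sctp_globals {
 #define sctp_port_hashtable (sctp_globals.port_hashtable)
 #define sctp_local_addr_list (sctp_globals.local_addr_list)
 #define sctp_local_addr_lock (sctp_globals.addr_list_lock)
+#define sctp_scope_policy (sctp_globals.ipv4_scope_policy)
 #define sctp_addip_enable (sctp_globals.addip_enable)
 #define sctp_addip_noauth (sctp_globals.addip_noauth_enable)
 #define sctp_prsctp_enable (sctp_globals.prsctp_enable)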
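Review bot: The comment added above `ipv4_scope_policy` describes values 2 and 3 as "Selectively allow only IPv4 private addresses" and "only IPv4 link local address", which reads as a restriction, while ip-sysctl.txt and the `sctp_scope_policy_t` comments in this same commit say "Follow draft but allow ...". The switch added to sctp_in_scope() widens the accepted set (`addr_scope <= scope || SCTP_SCOPE_PRIVATE == addr_scope`), so the header wording is the one that is off. An operator reading only this header could choose 2 expecting fewer local addresses to be offered to peers and get more. I would reword the two lines to `* 2 - Follow draft but allow IPv4 private addresses` and `* 3 - Follow draft but allow IPv4 link local addresses`.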
diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c
index 6d5944a745d4..13a6fba41077 100644
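--- a/net/sctp/bind_addr.c
+++ b/net/sctp/bind_addr.c
@@ -510,9 +510,28 @@ int sctp_in_scope(const union sctp_addr *addr, sctp_scope_t scope)
  * of requested destination address, sender and receiver
  * SHOULD include all of its addresses with level greater
  * than or equal to L.
+ *
+ * Address scoping can be selectively controlled via sysctl
+ * option
  */
- if (addr_scope <= scope)
+ switch (sctp_scope_policy) {
+ case SCTP_SCOPE_POLICY_DISABLE:
  return 1;
+ case SCTP_SCOPE_POLICY_ENABLE:
+ if (addr_scope <= scope)
+ return 1;
+ break;
+ case SCTP_SCOPE_POLICY_PRIVATE:
+ if (addr_scope <= scope || SCTP_SCOPE_PRIVATE == addr_scope)
+ return 1;
+ break;
+ case SCTP_SCOPE_POLICY_LINK:
+ if (addr_scope <= scope || SCTP_SCOPE_LINK == addr_scope)
+ return 1;
+ break;
+ default:
+ break;
+ }
 
  return 0;
 }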
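Review bot: The new switch in sctp_in_scope() applies `sctp_scope_policy` to whatever address family `addr` holds, although the sysctl is documented as IPv4 address scoping and nothing in the visible lines checks the family. Under SCTP_SCOPE_POLICY_DISABLE every address returns 1, and under SCTP_SCOPE_POLICY_LINK so does any address whose computed scope is SCTP_SCOPE_LINK. If IPv6 addresses are classified with the same `sctp_scope_t` values (not shown on this page), those settings would also offer IPv6 link-local addresses to peers of wider scope. How `addr_scope` is computed, and whether unusable addresses are rejected before this point, lies above the hunk and should be confirmed there. If the IPv4-only intent is real, keep the old test for other families ahead of the switch, e.g. `if (addr->sa.sa_family != AF_INET) return addr_scope <= scope;`; otherwise say in the comment that the policy covers all families.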
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index a76da657244a..60093be8385d 100644
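--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -431,16 +431,14 @@ static int sctp_v4_available(union sctp_addr *addr, struct sctp_sock *sp)
  * of requested destination address, sender and receiver
  * SHOULD include all of its addresses with level greater
  * than or equal to L.
+ *
+ * IPv4 scoping can be controlled through sysctl option
+ * net.sctp.addr_scope_policy
  */
 static sctp_scope_t sctp_v4_scope(union sctp_addr *addr)
 {
  sctp_scope_t retval;
 
- /* Should IPv4 scoping be a sysctl configurable option
- * so users can turn it off (default on) for certain
- * unconventional networking environments?
- */
-
  /* Check for unusable SCTP addresses. */
  if (IS_IPV4_UNUSABLE_ADDRESS(addr->v4.sin_addr.s_addr)) {
  retval = SCTP_SCOPE_UNUSABLE;
@@ -1259,6 +1257,9 @@ SCTP_STATIC __init int sctp_init(void)
  /* Disable AUTH by default. */
  sctp_auth_enable = 0;
 
+ /* Set SCOPE policy to enabled */
+ sctp_scope_policy = SCTP_SCOPE_POLICY_ENABLE;
+
  sctp_sysctl_register();
 
  INIT_LIST_HEAD(&sctp_address_families);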
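Review bot: The sentence added to the comment above sctp_v4_scope() ("IPv4 scoping can be controlled through sysctl option net.sctp.addr_scope_policy") suggests this function honours the sysctl, but none of its visible lines read `sctp_scope_policy`. In this commit the policy is consulted only in sctp_in_scope() in bind_addr.c. The body of sctp_v4_scope() continues past the hunk, so this should be confirmed against the full function. If classification stays unconditional, I would say so in the comment: `* The scope computed here does not depend on net.sctp.addr_scope_policy; the policy is applied in sctp_in_scope().`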
diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
index 63eabbc71298..ab7151da120f 100644
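--- a/net/sctp/sysctl.c
+++ b/net/sctp/sysctl.c
@@ -51,6 +51,7 @@ static int timer_max = 86400000; /* ms in one day */
 static int int_max = INT_MAX;
 static int sack_timer_min = 1;
 static int sack_timer_max = 500;
+static int addr_scope_max = 3; /* check sctp_scope_policy_t in include/net/sctp/constants.h for max entries */
 
 extern int sysctl_sctp_mem[3];
 extern int sysctl_sctp_rmem[3];
@@ -272,6 +273,17 @@ static ctl_table sctp_table[] = {
  .proc_handler = proc_dointvec,
  .strategy = sysctl_intvec
  },
+ {
+ .ctl_name = CTL_UNNUMBERED,
+ .procname = "addr_scope_policy",
+ .data = &sctp_scope_policy,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec_minmax,
+ .strategy = &sysctl_intvec,
+ .extra1 = &zero,
+ .extra2 = &addr_scope_max,
+ },
  { .ctl_name = 0 }
 };
 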
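Review bot: `addr_scope_max` hard-codes 3 and relies on a comment to stay in step with `sctp_scope_policy_t`, so adding or reordering an enumerator would let the sysctl bound and the switch in sctp_in_scope() drift apart silently. Deriving the bound from the enum keeps them tied: `static int addr_scope_max = SCTP_SCOPE_POLICY_LINK;`, assuming constants.h is reachable from this file's includes, which the hunk does not show. Because the numeric values are now a userspace interface that decides which local addresses are offered to peers, I would also pin them explicitly in the enum, starting with `SCTP_SCOPE_POLICY_DISABLE = 0,`.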